Lucy Kerner, Senior Principal Security Global Technical Evangelist & Strategist, Red Hat®
Peter Beniaris, Manager—Solutions Architecture, Red Hat
Lukas Vrabec, Senior Software Engineer—Red Hat Enterprise Linux® (RHEL) Security, Red Hat
Marek Haicman, Senior Quality Engineer and Product Owner—Security Compliance, Red Hat
Simo Sorce, Senior Principal Software Engineer—RHEL Security, Red Hat
Paul Wouters, Senior Software Engineer—RHEL Security, Red Hat
Daniel Kopecek, Senior Software Engineer—RHEL Security, Red Hat
Kirill Gliebov, Software Engineer—RHEL Security, Red Hat
Matej Tyc, Software Engineer and Tech Lead—Security Compliance in RHEL Security, Red Hat
Steve Grubb, Senior Principal Software Engineer—RHEL Security, Red Hat
Richard Guy Briggs, Senior Software Engineer—RHEL Security, Red Hat
In this lab, you learn how to build defense-in-depth in the operating system by implementing the key security technologies available to you in the latest version of Red Hat Enterprise Linux.
In a defense-in-depth approach, you implement security at all layers to build a strong foundation to proactively defend against possible security attacks and breaches. You provide security compliance by using technologies such as OpenSCAP, Audit, Audit Intrusion Detection Environment (AIDE), session recording, and system-wide cryptographic policies. You implement physical security with technologies such as USBGuard and add network security with technologies such as firewalld, SELinux port security, and IPSec. You implement access management with Ansible® system roles, identity management, and SELinux process isolation. You implement data security with Linux Unified Key Setup (LUKS), Network Bound Disk Encryption (NBDE), and GNU Privacy Guard (GPG).
Specifically, you use OpenSCAP to scan and remediate against vulnerabilities and configuration security baselines. You also block possible attacks from vulnerabilities using SELinux and use Network Bound Disk Encryption to securely decrypt your encrypted boot volumes unattended. You learn how to deploy opportunistic IPsec to encrypt all host-to-host communication within an enterprise network and also use USBGuard to implement basic whitelisting and blacklisting to define which USB devices are and are not authorized and how a USB device may interact with your system. You also take advantage of the system-wide cryptographic policies for further security. Throughout your investigation of the security issues in your systems, you use audit logs and the web console, and you automate as much of your tasks as possible using Ansible. For example, you make automated configuration changes to your systems across multiple versions of Red Hat Enterprise Linux running in your environment using the Systems Roles feature. You also learn how to use AIDE, session recording, logging, and playback to look for abnormal behavior. In addition, you learn how to create a single sign-on environment for all of your Linux servers using Identity Management in Red Hat Enterprise Linux (IdM). Finally, you discover how to identify yourself and encrypt your communications with GPG and also learn how to use firewalld to dynamically manage firewall rules.
This lab is geared toward systems administrators, cloud administrators and operators, architects, and others working on infrastructure operations management who are interested in learning how to take advantage of the built-in security technologies in Red Hat Enterprise Linux.
The prerequisite for this lab include basic Linux skills gained from Red Hat Certified System Administrator (RHCSA®) or equivalent system administration skills.
In this session, you learn how to:
-
Automate security compliance using OpenSCAP to scan and remediate against vulnerabilities and configuration security baselines.
-
Use SELinux to isolate running processes to mitigate against attacks.
-
Use NBDE to securely decrypt LUKS-encrypted volumes unattended.
-
Deploy opportunistic IPSec to encrypt all host-to-host communication within an enterprise network.
-
Take advantage of system-wide cryptographic policies.
-
Use USBGuard to protect against rogue USB devices and implement basic whitelisting and blacklisting to define which USB devices are authorized.
-
Take advantage of the auditing capabilities and the web console for easier centralized management.
-
Use the AIDE to detect intrusions.
-
Create a single sign-on environment for all of your Linux servers using IdM.
-
Use GPG to identify yourself and encrypt your communications.
-
Use firewalld to dynamically manage firewall rules.
-
Configure system-wide cryptographic policies and set a machine in Federal Information Processing Standards (FIPS) mode.
-
Take advantage of session recording, logging, and playback features and AIDE to look for abnormal behavior.
-
Use systems roles to make multiple automated configuration changes across different versions of Red Hat Enterprise Linux using Red Hat Ansible Automation.
Your entire lab environment is hosted online and includes Red Hat Enterprise Linux and Red Hat Ansible Automation.
You obtain your own unique GUID, which you use to access your instance of these Red Hat products for the labs.
Each lab is independent from the others and it is not necessary to perform them sequentially.